III. REMARKS 

Claims 1-4, 6-10 were rejected under 35 USC 103(a) as being allegedly being 
unpatentable over Sasmazel et al, US 6,725,376 ("Sazmazel") in view of Limisco, US 
6,662,228. Claims 11-14 and 16 were rejected under 35 USC 103(a) as being allegedly being 
unpatentable over Sasmazel in view of Limisco, and Clark et al. US 6,442,588 ("Clark"). Claims 
5 and 15 were rejected under 35 USC 103(a) as allegedly being unpatentable over Sazmazel in 
view of Muratov et al, US Publication No. 2003/0097596. Applicant traverses these rejections 
for the reasons stated below. 

Applicant does not acquiesce in the correctness of the rejections and reserves the right to 
present specific arguments regarding any rejected claims not specifically addressed. Further, 
Applicant reserves the right to pursue the full scope of the subject matter of the claims in a 
subsequent patent application that claims priority to the instant application. 

Applicant respectfully submits that all of the claims are allowable because the cited art 
fails to teach or suggest each and every feature of the claimed invention. Beginning with claim 
3, Applicant recites "wherein the physical security system compares the IP address of a received 
message with the reference IP address for the user." The Office concedes on page 5 that 
Sasmazel and Limisco do not teach comparing. As such, Applicant submits that the rejection of 
claim 3 is defective. 

Similarly, claim 7 recites "determining at the Internet server if the IP address from the 
received message matches the reference IP address associated with the login data of the 
requesting user." In this case, matching (versus comparing) is recited. Nonetheless, for the same 
reason as above, Sasmazel and Limisco do not teach matching. As such, Applicant submits that 
the rejection of claim 7 is defective. 
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With regard to claim 1, Applicant recites a single Internet server that provides both 
logical authentication (i.e., name and password) and physical authentication (i.e., IP address 
analysis). Sasmazel teaches away from providing its eticket process in a single server 
environment such as Applicant's, since the whole purpose of Sasmazel's eticket is to provide 
secure access to information over a distributed computing environment, such as the web (see, 
e.g., Summary of the Invention). Nowhere does Sasmazel teach or suggest using both logical 
and physical authentication at a single server. 

Note that Sasmazel teaches the use of two servers, an (1) authentication server that 
determines an identity of a user attempting to access a system (column 1, lines 57-58), and (2) an 
authorization server that determines what types of activities are permitted for an authenticated 
user (column, lines 304). As noted above, authentication by the (1) authentication server in 
Sasmazel is done via a name and password. Sasmazel neither teaches nor suggests using an IP 
address for authentication at the (1) authentication server. Any suggestion otherwise is without 
factual support. Authentication by the (2) authorization server is achieved by successfully 
decrypting the eticket. "If the hashing technique and public key operate to properly decrypt and 
rehash the eticket 310, then the information stored in the eticket 3 1 0 is determined to be valid." 
(See column 9, lines 18-20). Once the eticket is determined to be valid (i.e., authentic), then the 
(2) authorization server can extract the authorization level (see, e.g., column 7, lines 36-37) to 
determine if the user is authorized for a requested service (see, e.g., column 9, lines 35-49). 

Similarly Liminsco teaches using multiple servers, e.g., a first authentication server and a 
second authentication server, see, e.g., Abstract. Likewise, Clark provides a multi-server 
environment in which a plurality of online service providers (OSP) is contemplated. While 
Clark does perform a compare operation, it compares "the origination IP address with one or 



10/667,852 



7 



more tables" having "authenticated IP addresses for a different particular OSP." Thus, in Clark, 
the original login occurs at a first server, and the authentication occurs at a second server. 
Accordingly, for these reasons, Applicant submits that claims 1, 7 and 1 1 are allowable over the 
cited art. 

Claims 5 and 15 are believed allowable for similar reasons. Each of the claims not 
specifically addressed herein is believed allowable for the reasons stated above, as well as their 
own unique features. 

Applicant respectfully submits that the application is in condition for allowance. If the 
Examiner believes that anything further is necessary to place the application in condition for 
allowance, the Examiner is requested to contact Applicant's undersigned representative at the 
telephone number listed below. 



Dated: 5/22/08 

Hoffman, Warnick & D'Alessandro LLC 

75 State Street 

Albany, NY 12207 

(518) 449-0044 - Telephone 

(518) 449-0047 - Facsimile 



Respectfully submitted, 




Michael F. Hoffman 
Reg. No. 40,019 
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